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REMARKS/ARGUMENTS 

The applicant would like to acknowledge, with thanks, the Office Action that was mailed 
on July 12, 2006. This amendment is responsive to the July 12, 2006 Office Action. 

The applicant would also like to thank the examiner for the personal interview granted on 
12 September 2006 between the undersigned and the examiner. Claim 1 was discussed. U.S. 
Patent No. 6,307,837 to Ichikawa was discussed. No exhibits or demonstrations were utilized. 
The general thrust of the argument was the distinction between present application and Ichikawa 
is that assigning of the VLAN encryption key is performed by the AP, whereas in Ichikawa the 
VLAN encryption key is assigned by the authentication server. No agreement was reached with 
the respect to the claims. The general outcome is described in the Interview Summary form 
completed by the examiner. 

Claim Objections 

Claim 21 was objected to because of a space missing between "Virtual Local Area 
Networks" and (VLANs). Claim 21 has been amended accordingly. 

Claim Rejections 

Claim 1 stand rejected under 35 U.S.C. 121, 2 nd paragraph for being indefinite for failing 
to particularly point out and distinctly claim the subject matter of the invention. In particular, the 
phrase "local to the access point" was rejected as indefinite. Accordingly, this phrase has been 
removed and withdrawal of this rejection is respectfully requested. 

Claims 1, 3, 8, 10, 12, 17 and 19-22 stand rejected under 35 U.S.C. § 103(a) as being 
obvious in view of the combination of U.S. Patent No. 6,307,837 to Ichikawa et al. (hereinafter 
Ichikawa) and Kerberos as illustrated by De Clercq et al., Jan De Clercq and Micky Balladelli 
"Windows 2000 Authentication", March 2001, Digital Press {hereinafter Kerberos). Claims 5 
and 14 stand rejected under 35 U.S.C. § 103(a) as being obvious in view of the combination of 
Ichikawa, Kerberos and U.S. Patent Publication No. 2001/0014088 to Johnson et al. (hereinafter 
Johnson). Claims 9 and 16 stand rejected under 35 U.S.C. § 103(a) as being obvious in view of 
the combination of Ichikawa, Kerberos and U.S. Patent Application Publication No. 
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2003/0041266 to Ke et al. {hereinafter Ke). Withdrawal of these rejections is now requested for 
the reasons that will now be set forth. 

Independent claims 1 and 10 recite a method and a system that includes a table 
associating broadcast keys with VLANs that is maintained at an access point. When a request to 
access the network by a wireless station is received by the access point, the access point 
authenticates the wireless station with an authentication server. The access point receives from 
the authentication server data identifying a VLAN for the wireless station. The access point then 
access the table that is maintained at the access point to determine the appropriate broadcast key 
for the VLAN identified by the authentication server and sends the appropriate broadcast key to 
the wireless station. 

Independent claim 23 recites a system with first and second access points coupled to an 
authentication server. When a wireless station associates with the first access point, the first 
access point authenticates the wireless station with the authenticates server and receives data 
from the authentication server identifying a VLAN associated with the wireless station. The first 
access point accesses a first table maintained at the first access point having a first set of 
encryption keys associated with VLANs to determine a first appropriate encryption key for the 
VLAN from the first set of encryption keys. The first appropriate encryption key is then 
provided to the wireless station. 

When the wireless station associated with the second access point, the second access 
point authenticates the wireless station with the authentication server and receives data from the 
authentication server identifying the VLAN associated with the wireless station. The second 
access point accesses a second table maintained at the second access point having a second set of 
encryption keys associated with VLANs to determine a second appropriate encryption key for 
the VLAN from the second set of encryption keys. The second appropriate encryption key is 
then provided to the wireless station. 

By contrast, Ichikawa stores the VLAN information table with VLAN-ID and VLAN- 
Keys at the authentication server 7-8 (col. 11, lines 64-66 "In addition to above, terminal 
authentication server 7-8 is provided with VLAN information shown in Table 3 as a table."; cf. 
Table 3 at top of column 12), not at the access point (the functional equivalent of the access point 
in Ichikawa is the wireless base station 7-6). The encryption key is shared by all terminals 
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having the same VLAN-ID (col. 12 lines 10-13), whereas as recited in claims 1, 10 and 23 is that 
the broadcast keys are maintained at the access point, not at the authentication server, which can 
enhance security because each access point can have a different broadcast key for the same 
VLAN. Thus, if a broadcast key is compromised at one access point, the VLAN is still secure at 
the remaining access points. Therefore, Ichikawa does not teach or suggest all of the elements of 
claims 1, 10 and 23. In addition to the reasons just set forth, claim 23 further recites that a first 
table with a first set of encryption keys associated with VLANs is maintained by the first access 
point and a second table with a second set of encryption keys associates with VLANs is 
maintained by the second access point, which Ichikawa does not teach nor suggest because 
Ichikawa only has one table for associating keys with VLANs that is maintained by the 
authentication server. 

The aforementioned deficiencies in Ichikawa are not remedied by any teaching of 
Kerberos. Kerberos, like Ichikawa, uses a centralized server to distribute keys (the Key 
Distribution Center (KDC)), and does not have a table local to the access point that the access 
point uses to determine an appropriate key for a wireless station based on VLAN data received 
from an authentication server. 

The aforementioned deficiencies in Ichikawa and Kerberos are not remedied by any 
teaching of either Johnson or Ke. Johnson makes no mention of VLANs. Furthermore, the 
examiner cites Johnson for teaching the wireless LAN operates in accordance with the IEEE 
802.11 standard, which does not remedy the aforementioned defects in Ichikawa and/or 
Kerberos. The only mention in Ke about VLANs is that VLANs can be connected to a switch 
via dedicated communication links (see for example paragraphs 13 & 14). Furthermore, the 
examiner recites Ke for teaching the step of tagging data to which subnet it belongs, which does 
not remedy the aforementioned defects in Ichikawa and/or Kerberos. Therefore, neither 
Ichikawa, Kerberos, Johnson nor Ke, alone or in any combination thereof, teach or suggest all of 
the elements of independent claims 1, 10 and 23. 

Claims 3, 5, 8, 9 and 19 directly depend from claim 1 and therefore contain each and 
every element of claim 1. Therefore, for the reasons already set forth for claim 1, claims 3, 5, 8, 
9 and 19 are not obvious based on the combination of by Ichikawa, Kerberos, Johnson and/or 
Ke. 
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Claims 12, 14, 16-17 and 20 directly depend from claim 10 and therefore contain each 
and every element of claim 10. Therefore, for the reasons already set forth for claim 10, claims 
12, 14, 16-17 and 20 are not obvious based on the combination of Ichikawa, Kerberos Johnson 



Claims 24-26 directly depends from claim 23 and therefore contains each and every 
element of claim 23. Therefore, for the reasons already set forth for claim 23, claims 24-26 are 
not obvious based on the combination of Ichikawa, Kerberos, Johnson and/or Ke. 



For the reasons just set forth, applicant respectfully requests withdrawal of the objections 
and rejections and a Notice of Allowance is earnestly solicited. If there are any fees necessitated 
by the foregoing communication, the Commissioner is hereby authorized to charge such fees to 
our Deposit Account No. 50-0902, referencing our Docket No. 72255/13066. 



and/or Ke. 



Conclusion 



Respectfully submitted, 



Date: October 10, 2006 
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